Hi!
I think you need to init an environment and make it available
throughout all of the requests.
Look at this section:
https://shiro.apache.org/web.html#shiro_1_2_and_later
Especially the part "what it does": "(... including the
SecurityManager) and makes it accessible in the ServletContext.
You can take a look at the class
"org.apache.shiro.web.env.EnvironmentLoaderListener" to see what it
looks like.
Once set up, you should be able to access your WebSecurityManager in
any way you described.
Am Fr., 13. Mai 2022 um 06:20 Uhr schrieb Lenny Primak <lpri...@hope.nyc.ny.us>:
>
> Have you looked at the Shiro web tutorial?
> The examples there should work just fine.
>
>
> On May 12, 2022, at 8:28 PM, Josef Gosch <josef.go...@gmail.com> wrote:
>
> My authentication realm is set up correctly, I can authenticate through an
> endpoint inside the RequestHandler. I can save the session cookie manually,
> but I can't find a way for the SecurityManager or WebSessionManager to
> intercept it.
>
> Josef Gosch <josef.go...@gmail.com> schrieb am Fr., 13. Mai 2022, 03:01:
>>
>> Hello.
>>
>> I have some troubles implementing Shiro in a distributed environment.
>> Clients/Server are communicating through a HTTP based Protocol provided by
>> Jetty on the server side. The client side is set up to store and reply
>> cookies.
>>
>> I played around with different approaches but nothing seems to fit. I tried
>> creating a ServletContextHandler and adding the Filters there, but I have no
>> clue how to combine it with my RequestHandler. I also don't find much help
>> online on this subject. Maybe someone here could give me a hint?
>>
>> It's basically made up of 2 Classes:
>>
>> public final class WebServer extends AbstractIdleService {
>>
>> // ~ Static fields
>> ---------------------------------------------------------------------------------------------
>>
>> private static final Logger L = LoggerFactory.getLogger(WebServer.class);
>>
>> // ~ Instance fields
>> -------------------------------------------------------------------------------------------
>>
>> private final int port;
>> private final Server server;
>> private final TractDB tractDB;
>> private final Gson gson;
>>
>> // ~ Constructors
>> ----------------------------------------------------------------------------------------------
>>
>> public WebServer(final TractDB tractDB, final int port, final Gson gson)
>> {
>> this.tractDB = tractDB;
>> this.port = port;
>> this.gson = gson;
>> this.server = new Server();
>> }
>>
>> // ~ Methods
>> ---------------------------------------------------------------------------------------------------
>>
>> @Override
>> protected void startUp() throws Exception {
>>
>> SslContextFactory sslContextFactory = new SslContextFactory();
>> sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore"));
>> sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD);
>> sslContextFactory.setProtocol("TLSv1.2");
>>
>> SslConnectionFactory ssl = new
>> SslConnectionFactory(sslContextFactory, "http/1.1");
>> HttpConnectionFactory http = new HttpConnectionFactory(new
>> HttpConfiguration());
>>
>>
>> /* connectors */
>> ServerConnector sslConnector = new ServerConnector(this.server, ssl,
>> http);
>> sslConnector.setPort(this.port);
>> this.server.addConnector(sslConnector);
>>
>> /* handlers */
>>
>> GzipHandler gzip = new GzipHandler();
>> RequestHandler requestHandler = new RequestHandler(this.gson,
>> this.tractDB);
>>
>> gzip.setIncludedMimeTypes("text/html", "text/plain",
>> "application/json");
>>
>> gzip.setHandler(requestHandler);
>>
>> this.server.setHandler(gzip);
>>
>> this.server.start();
>> }
>>
>> @Override
>> protected void shutDown() throws Exception {
>> L.info("shutting down web-server");
>> this.server.stop();
>> }
>> }
>>
>> ---------------------------------------------------------------------------------------------
>>
>> ---------------------------------------------------------------------------------------------
>>
>> public final class RequestHandler extends AbstractHandler {
>>
>> // ~ Static fields
>> ---------------------------------------------------------------------------------------------
>>
>> private static final Logger L =
>> LoggerFactory.getLogger(RequestHandler.class);
>>
>> // ~ Instance fields
>> -------------------------------------------------------------------------------------------
>>
>> // ...
>>
>> // ~ Constructors
>> ----------------------------------------------------------------------------------------------
>>
>> public RequestHandler(final Gson gson, final TractDB tractDB) {
>> // ...
>> }
>>
>> // ~ Methods
>> ---------------------------------------------------------------------------------------------------
>>
>> @Override
>> public void handle(final String target, final Request baseRequest, final
>> HttpServletRequest request, final HttpServletResponse response) throws
>> IOException, ServletException {
>> L.debug("{} '{}'", request.getMethod(), target);
>>
>> try {
>>
>> /* default result: not found */
>> HandlerResult handlerResult = JsonResult.notFound(this.gson);
>>
>> /* ... Handlers will be dispatched here ... */
>>
>> handlerResult.writeTo(response);
>>
>> } catch (RuntimeException e) {
>> L.error(e.getMessage(), e);
>> response.reset();
>>
>> JsonResult.internalServerError(this.gson)
>> .writeTo(response);
>> }
>>
>> baseRequest.setHandled(true);
>> }
>> }
>
>
